Please note that the ark file is only partial because the PC rebooted at about the same point each time I tried to run gmer. So I did a save just prior to the point where I thought it was going to reboot yet again.
DDS (Ver_10-11-10.01) - NTFSx86
Run by HP_Owner at 15:32:48.71 on Tue 11/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.115 [GMT -8:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101122122049.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\SpySub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxps://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290377486986
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290489321421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-22 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-11-22 54776]
R2 GoogleUpdateBeta;Google Update Service;c:\documents and settings\networkservice\local settings\application data\google\update\GoogleUpdateBeta.exe [2010-11-23 40960]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-11-21 93320]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-22 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-22 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-22 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-22 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-22 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-22 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-22 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-22 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-22 88544]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-22 55840]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-22 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-22 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-11-21 34248]
=============== Created Last 30 ================
2010-11-23 19:25:01 -------- d-----w- c:\program files\McAfeeMOBK
2010-11-23 19:08:56 -------- d-sh--w- c:\documents and settings\hp_owner\IECompatCache
2010-11-23 05:08:45 -------- d-sh--w- c:\documents and settings\hp_owner\PrivacIE
2010-11-23 05:02:30 -------- d-sh--w- c:\documents and settings\hp_owner\IETldCache
2010-11-23 04:24:21 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-11-23 04:22:29 -------- d-----w- c:\docume~1\hp_owner\applic~1\Azureus
2010-11-22 23:11:32 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-11-22 23:11:19 -------- d-----w- c:\program files\McAfee Online Backup
2010-11-22 23:09:51 53248 ----a-w- c:\windows\system32\6to4v32.dll
2010-11-22 20:20:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-22 20:20:34 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-22 20:20:22 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-22 20:20:21 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-11-22 20:20:21 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-22 20:20:21 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-22 20:20:21 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-22 20:20:21 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-22 20:20:21 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-22 20:20:20 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-22 20:05:54 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-22 20:05:54 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-22 19:51:24 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-11-22 19:51:24 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-11-22 19:51:23 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-22 19:51:23 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-22 04:02:42 -------- d-----w- c:\program files\common files\McAfee
2010-11-22 04:02:38 -------- d-----w- c:\program files\McAfee.com
2010-11-22 04:01:40 -------- d-----w- c:\program files\McAfee
2010-11-22 03:59:59 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-11-21 23:07:49 19569 ----a-w- c:\windows\005226_.tmp
2010-11-21 23:07:39 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-21 22:31:49 331805736 ----a-w- c:\program files\Malwarebytes' Anti-Malware.lnk
2010-11-21 22:30:44 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-21 21:15:47 -------- d-----w- c:\docume~1\hp_owner\applic~1\Uniblue
2010-11-21 21:14:18 -------- d-----w- c:\program files\Uniblue
2010-11-21 21:13:43 -------- d-----w- c:\docume~1\hp_owner\locals~1\applic~1\PackageAware
2010-11-21 20:14:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-21 20:14:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 00:28:23 -------- d-sh--w- c:\documents and settings\hp_owner\UserData
2010-10-30 19:52:18 -------- d-sh--r- C:\cmdcons
2010-10-30 19:52:08 -------- d-----w- c:\windows\setupupd
2010-10-30 19:50:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-30 19:47:02 184320 ------w- c:\windows\system32\SiSApCom.dll
2010-10-30 19:47:02 110592 ------w- c:\windows\system32\TVMode.dll
2010-10-30 19:46:46 331776 ----a-w- c:\windows\system32\sistray.exe
2010-10-30 19:46:43 -------- d-----w- c:\windows\system32\trayres
2010-10-30 18:26:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-30 18:26:21 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-30 18:26:18 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-30 18:26:16 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-30 16:47:03 -------- d-sh--r- c:\windows\system32\dllcache
2010-10-30 16:24:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSTB
==================== Find3M ====================
2010-11-22 01:50:45 3645 ----a-w- c:\windows\viassary-hp.reg
2005-07-30 09:46:26 774144 -c--a-w- c:\program files\RngInterstitial.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N rev.TM100-24 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B78446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b7e504]; MOV EAX, [0x82b7e580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x82BE9560]
3 CLASSPNP[0xF7D3005B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\0000005f[0x82B91F18]
5 ACPI[0xF7BC6620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x82BC9D98]
\Driver\atapi[0x82B61888] -> IRP_MJ_CREATE -> 0x82B78446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP1604N_________________________TM100-24#30533331314a5930313130313232202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82B78292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 15:35:29.29 ===============